Keep thinking in terms of how Intelligence-Driven decisions can change the whole of security and the organization. Focusing on that will make huge gains in terms of security posture, respect from the business, operational availability, better use of resources, and more effective IT security controls that protect or detect the actual threat.
Welcome to this CEWL world. This getting started guide walks through the steps to help you on your CEWL journey.
We think it’s important for an organization to be Intelligence-Driven. What does that mean? How do we get there?
Ask questions, create filters, review flash alerts, and understand the threat-actor cycle. Use this to understand the current threat landscape and what the actors are focussing on. We think being a proactive cyber threat organization is the key to keeping your company safe.
When the organization was set up, we would have added the corporate email domain. If you need more corporate email domains, let us know. Users can only belong to these email domains. To view them, select the menu option “Email Domain” from the Admin menu. More instructions can be found at https://ctci.atlassian.net/wiki/pages/resumedraft.action?draftId=329416709. Note that personal email addresses cannot be used as corporate domains.
Step 2 - Adding new Users.
Have any users you want to register? These users will automatically be added to the CTCI portal with the access level of a user. The first user within the organization will have the company_admin role. That means they can manage the companies and any partners for a zero-trust model. You can also add users on their behalf through the user menu option. Users can register at portal.ctci.ai/register or click the “Don’t have an account? Sign up” link!
Step 3 - Add your first Notification Delivery method.
How do you want your alerts sent? What is the default Notification Delivery if someone doesn’t specify how they want alerts to be sent? Today, CTCI supports email (of course), Slack, Teams, webhook (limited), and Jira. To learn how to configure a Notification Delivery, see https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325484563.
Step 4 - Add your first Notification Group.
All Notifications need to be associated with a Notification Group. We recommend you name your first one Default Notification Group, so that if people don’t know where to add a Notification filter, they can add it there. To understand Notification Groups, go to https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325353473.
Step 5 - Add your Notification filter.
This is where the magic happens. Anything that matches the filter will be sent to the Notification Delivery that has been set. So if you want to send just Microsoft as a vendor to the ‘Windows Engineering Team’, then use the filter vendor="Microsoft". If you want all CEWL additions, then leave the filter empty. To learn about the amazing power of filters and how to set yourself up for success, go to https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325517390. Create a default catch-all filter with the filter left empty. This means: don’t filter the result, give me all the CVEs added to CEWL!
Learning the product
Step 6 - Learn the product.
You can either order an UberEats and attend an interactive webinar, or watch a webinar. To register, please send an email to email@example.com.
Longer-term steps (it’s a journey)
Step 7 - Level Up Information Security!
Now that you have completed the basics, you have leveled up and are ready to kick it to the next level. This means determining which security departments. Have GRC get this list, how they manage partners. Have Security
Step 8 - Formalize the processes
Now that you are set on the right course of being an Intelligence-Driven organization, it’s time to formalize the processes and automate them as much as possible.
Step 9 - Level Up The Business!
After leveling up Information Security, you can now level up the Business.
Step 10 - Party!
Always celebrate the goals you have achieved, and focus on the next milestone.
The Cybersecurity mantra
Step 11 - External Vigilance (Everything good should go to 11)
Things are always moving, and the world and threat landscape never stop, so enjoy the journey and keep moving forward.